Data Driven Legal
Specialist legal practice offering data protection and AI governance advice.
We are experts in data protection, privacy, and AI governance. We have years of experience delivering clear, practical advice to companies, from tech companies and life science organisations to global travel brands. Our in-house experience means we understand the real pressures businesses face.
We support our client with data protection compliance and contracts, support navigating AI governance regulations and requirements, fractional data protection officer services and fixed-fee help with data subject access requests. We provide straightforward, actionable solutions which means that our clients can focus on delivery and growth while we handle compliance.
“Crisis24 has been using Data Driven Legal to support our privacy compliance for a few years. Having Kate and the team available is like having an extension of our in-house legal team with expert knowledge in their subject areas. They really understand our business and provide practical, commercially driven legal advice which is often requested by us at short notice.”
Products and services
Outsourced Data Protection Officer
Many companies are required by law to have a Data Protection Officer (‘DPO’), depending on the work they do and how they use personal data. Even if it is not required by law, a company may choose to appoint a DPO for customer confidence and credibility.
By appointing an external DPO to work for you on a freelance or contractual basis, you can ensure you meet your regulatory requirements while achieving several other benefits.
Five good reasons to nominate an external DPO:
- Cost Efficiencies: By appointing an experienced external DPO, you can appoint on a part time or hourly basis, thereby ensuring that you meet your regulatory requirement while minimising spend as far as possible.
- External DPOs always meet the requirement of independence: Appointing an external DPO reduces any risk of conflict of interest with other tasks and duties.
- There is no substitute for experience: A seasoned DPO can help a company to understand what to prioritise and where to invest time and attention to move the dial on a compliance program.
- Pay for output, not for training: Data protection is an increasingly complicated area of law and the GDPR requires that DPOs are provided with sufficient resources and experience to perform their tasks and maintain their expert knowledge. External DPOs maintain their knowledge in their own time, meaning you only pay for the work they do.
- Get a cross-industry view: External DPOs can give you an idea of industry practice and what is working well for other companies.
Get in touch to find out how we can support you.
Fixed Fee Data Subject Access Request
Get control over fees for response to data subject access requests.
Handling DSARs can be a significant drain on time and resources as they require careful attention to detail and a thorough understanding of the relevant guidance.
Having supported DSARs for clients for many years, and having managed DSARs inhouse ourselves, we understand the challenges. So we’re pleased to offer a clear, cost-effective solution with our fixed fee DSAR service.
We will agree with you a transparent fee to answer the DSAR in full from start to finish. Our expert team will then manage the entire DSAR process for you, taking steps to:
- Make sure data is shared with the data subject in line with the statutory deadlines
- Review, redact, document and collate all the records you share with us in accordance with GDPR and relevant guidance
- Draft all correspondence for you to share with the data subject and if you prefer, we can handle that communication directly with the data subject.
While we go through the detail, you reclaim your time and focus on your core business activities, easy in the knowledge that the DSAR is in good hands.
GDPR Compliance
We are your virtual data protection team
Are you General Counsel, Head of Legal or even a DPO with 101 things to do, one of which is managing data protection compliance? We know how that feels.
We can pick up any and all of your data protection work, from updating your privacy policy, negotiating data processing agreements or running privacy impact assessments. We’re here to help.
Our clients think of us as an extension of their team and tell us that they have not been able to recruit one candidate with the skills and experience that we have.
We can help you with the following:
- Audit: Understand your current level of compliance and where to focus your efforts.
- Training: Ensure your teams know how to spot a data protection issue and how to handle it and/or escalate.
- Policies: Customer, candidate or colleague facing - we can help with any data protection policy!
- Data Processing Agreements: We can draft a playbook for these standard agreements for your team to refer to. Or we can just take them all off your hands, so you can focus on key commercial contract.
Get in touch to find out how we can help you.
AI Governance
Our background in compliance means we are well-placed to offer your organisation strategic compliance advice through the entire AI lifecycle. We combine our knowledge of the EU AI Act and international ethical guidelines with our understanding of the processes you probably already have in place for GDPR compliance. Our experience means we can support your organisation to build on the compliance measures you already have in place, meaning you save time, effort and budget.
We can help you with the following:
- AI Impact assessments: an evaluation of potential risks and an evaluation of safeguards
- Training: empower your team with the knowledge and skills necessary for responsible AI adoption
- Contract review: strengthen your position and ensure that risks from technology contracts are carefully assessed
- Policies: careful drafting or review of policies, designed for both internal and public audiences
Contact us to learn more about how we can support you and your team.